CIDS signature tuning

fengluo
Level 1

When I fire up my IDS, I can see many false positives from VMS, such as IDS Evasive Encoding and Long WebDAV Request from my Cisco cache engines, Nmap UDP Port Sweep from my DNS servers, and Sendmail Data Header Overflow from my Exchange servers. How can I tune my IDS to cut down that noise?

2 Replies

marcabal
Cisco Employee

You will need to create filters for your sensor.

Here is a link to the IDS MC documentation for creating filters:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_ids/idsmc12/ug/ch05.htm#893883

If you are using IDM refer to the following link for version 4.1:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#31156

Or the following link for version 3.1:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13876_01.htm#xtocid38

Nmap UDP Port Sweep could not be filtered out from my DNS server in VMS, any ideas?